CLAIMS 

What is claimed is: 

1 . A method facilitating remote deployment of network devices, comprising 

monitoring, at a network device operating in an unconfigured mode, for a 
configuration message, wherein the configuration message includes information 
sufficient for the network device to establish a network connection with a remote 
device; 

configuring the network device using the configuration information in the 
configuration message; and 

switching the network device to a configured mode. 

2. The method of claim 1 further comprising 

transmitting a message to the remote device, 

3. The method of claim 1 wherein the network device is disposed on a 
communications path between a first network and a second network; and wherein 
the method further comprises 

forwarding all packets, other than configuration messages, along the 
communications path. 

4. The method of claim 2 wherein the transmitting step comprises 

initiating a connection to the remote device. 

5. The method of claim 1 further comprising 

receiving additional configuration from the remote device. 

6. The method of claim 1 wherein the remote device is a network management 
system. 
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7. The method of claim 1 further comprising 

validating the configuration message before the configuring step. 

8. The method of claim 3 wherein the configuration message is transmitted from a 
remote device on the first network and addressed to a destination host on the second 
network. 

9. A method facilitating remote deployment and configuration of a network device 
physically installed on a first network, wherein the network device is operative to 
intercept configuration messages, comprising 

composing a configuration message including configuration information 
corresponding to a network device; and 

. transmitting from a second network a configuration message to a destination 
host in the first network, wherein the network device is disposed on the 
communications path between the second network and the destination host. 

10. The method of claim 9 further comprising 

repeating the transmitting step until a response to the configuration message 
is received from the network device. 

1 1 . The method of claim 9 wherein the configuration information comprises 
information sufficient for the network device to establish a network connection with 
a remote device. 

12. The method of claim 9 wherein the configuration message includes configuration 
information including a network address for the network device, a sub-network mask 
for the first network, a network address for the remote device, and the network 
address of the gateway router corresponding to the first network. 
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13. The method of claim 11 wherein the configuration information further includes a 
cryptographic digest of the configuration information. 

14. The method of claim 13 wherein the configuration information is encrypted with 
an encryption key. 

15. The method of claim 14 wherein the encryption key comprises a secret string of 
text. 

16. The method of claim 15 wherein the encryption key further comprises a random 
number. 

17. The method of claim 16 wherein the encryption key further comprises the 
network address of the destination host. 

18. The method of claim 15 wherein the network device is pre-configured with the 
secret string of text. 

19. The method of claim 14 wherein the encryption key is a symmetric encryption 
key. 

20. The method of claim 14 wherein the encryption key is a private encryption key, 
and wherein the configuration information is encrypted using an asymmetric 
encryption algorithm. 

21 . The method of claim 20 wherein the network device is preconfigured with the 
public encryption key corresponding to the private encryption key. 

22. The method of claim 19 wherein the symmetric encryption key is encrypted using 
an asymmetric encryption algorithm with a private encryption key. 
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23. The method of claim 22 wherein the network device is preconfigured with the 
public encryption key corresponding to the private encryption key. 

24. A method facilitating remote deployment of network devices, comprising 

monitoring, at a network device in an unconfigured mode, for a configuration 
message transmitted by a network management system, wherein the configuration 
message includes configuration information for the network device; 

after detection of a configuration message, validating the configuration 
message; 

if the configuration message is valid, configuring the network device using the 
configuration information in the configuration message. 

25. The method of claim 24 wherein the configuration message includes information 
sufficient for the network device to establish a network connection to network 
management device. 

26. The method of claim 24 further comprising 

forwarding on all packets other than configuration messages. 

27. The method of claim 24 further comprising 

forwarding on configuration messages that are not valid relative to the 
network device. 

28. The method of claim 24 wherein the configuration information comprises a 
network address for the network dej/ice, and a network address corresponding to the 
network management system. 

29. The method of claim 24 wherein the configuration information in the 
configuration message is encrypted. 
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30. The method of claim 24 wherein the network device is operably connected to a 
first network comprising a gateway router having a gateway network address; 
wherein the configuration information in the configuration message comprises the 
network address of a gateway router; and wherein the validating step comprises 
determining whether the network address of the gateway router matches the 
gateway network address of the gateway router. 

31 . The method of claim 24 wherein the determining step comprises broadcasting an 
address resolution protocol request, including the network address in the 
configuration message, on the network. 

32. The method of claim 24 wherein the monitoring step.comprises 

intercepting, at a first network interface, a configuration message transmitted 
by a network management system; 

passing other packets to a second network interface for forwarding along a 
communications path. 

33. The method of claim 24 wherein the configuration information in the 
configuration message is encrypted and wherein the validating step comprises 

decrypting the configuration information. 

34. A method facilitating remote deployment of network devices, comprising 

intercepting, at a network device in an unconfigured state, a configuration 
message transmitted by a network management system, wherein the configuration 
message includes configuration information for the network device; 

after detection of a configuration message, validating the configuration 
message; 

if the configuration message is valid, configuring the network device using the 
configuration information in the configuration message. 
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35. The method of claim 34 wherein the configuration information includes the 
network address of a network management system, and wherein the method further 
comprises 

establishing a connection to the network management system using the 
network address in the configuration information. 

36. A network device allowing for automated, remote deployment, comprising 

at least one network interface operative to transmit and receive packets over 
a computer network; 

a configuration interface module operative to configure the network device 
based on received configuration information; and 

a configuration daemon operative, when the network device is an 
unconfigured state, to 

monitor the at least one network interface for configuration messages; 
validate configuration messages; and 

invoke the configuration interface module after receipt of a valid 
configuration message. 

37. The network device of claim 36 comprising first and second network interfaces 
operative to transmit and receive packets over a computer network; and wherein the 
configuration daemon is further operative to 

forward packets, intended for other network devices, received at the first 
network interface for transmission from the second network interface; and 

forward packets, intended for other network devices, received at the second 
network interface for transmission from the first network interface. 

38. The network device of claim 36 wherein the configuration interface module is 
operative to configure the network device to communicate with a remote network 
device using information in the configuration message. 
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39. A network device facilitating remote deployment and configuration, comprising 

a configuration daemon operative, in an unconfigured mode, to 

monitor for configuration messages including configuration information, 

sufficient to configure the network device to communicate with a remote device over 

a computer network; and 

a configuration interface module operative to 

initially configure the network device to communicate with a remote 

device over a computer network based on configuration information in a 

configuration message received by the configuration daemon; and 

communicate with the remote device to receive additional 

configuration information. 

40. The network device of claim 39 further comprising 

at least one network interface operative to transmit and receive packets over 
a computer network; and wherein the configuration daemon is operative to monitor 
for configuration messages received at the at least one network interface. 

41 . In a network environment comprising a first network and a second network, 
wherein the first network includes a gateway router allowing access to resources on 
at least the second network, a method facilitating remote configuration of a network 
device physically installed on the first network, the method comprising 

identifying a destination host on the first network, wherein an unconfigured 
network device is disposed on the communications path between the gateway router 
and the network device, wherein the network device is operative, in an unconfigured 
mode, to intercept configuration messages; 

transmitting a configuration message to the first network, wherein the 
configuration message is addressed to the destination host. 
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t1 . The method of claim 41 wherein the configuration message is formatted in a 
manner that causes the destination host to ignore the configuration message. 

t2. The method of claim 41 wherein the configuration message is formatted in a 
manner that causes the destination host to discard the configuration message. 

t3. The method of claim 41 wherein the configuration message is formatted 
according to a protocol that is not implemented by the destination host. 

t4. The method of claim 41 wherein the configuration message is formatted 
according to a protocol that is not understood by the destination host. 

t5. The method of claim 41 wherein the configuration message includes information 
sufficient for the network device to establish a network connection with a remote 
device. 

t47. The method of claim 46wherein the configuration message includes a network 
address for the network device, a sub-network mask for the first network, a network 
address for the remote device, and the network address of the gateway router. 

48. A method facilitating remote, automated deployment of a network device on a 
network, comprising 

establishing, in an unconfigured mode, a connection with a remote device for 
configuration information; 

providing, during the connection, a hardware profile of a network device; 

receiving configuration information from the remote device based on the 
hardware profile. 

49. The method of claim 48 further comprising 

obtaining a network address before the establishing step. 
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50. The method of claim 49 wherein the network address is a dynamic IP address 
obtained from a DHCP server. 

51 . The method of claim 48 further comprising 

gathering network topology information characterizing the topology of the 
network to which the network device is attached; and 

providing the network topology information to the remote device; and 
wherein the configuration information received from the remote device is based on 
the hardware profile and the network topology information. 

52. The method of claim 51 wherein the network topology information comprises 
information concerning at least one host neighboring the network device. 

53. The method of claim 51 wherein the network topology information comprises the 
subnetworks accessible to the network device. 

54. The method of claim 48 wherein the establishing step is performed in response 
to the receipt of a configuration message transmitted by the remote device. 

55. The method of claim 54 wherein the configuration message is addressed to the 
broadcast address of the network. 

56. The method of claim 50 wherein the network comprises a DHCP server operative 
to provide the network address of the remote device in a field associated with a 
DHCP response transmitted to the network device. 

57. The method of claim 48 wherein a second network device connected to the 
network is operative to broadcast the network address of the remote device. 
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58. The method of claim 48 wherein the network comprises a second network device 
operative to transmit the network address of the remote device in response to a 
request; and wherein the method further comprises 

broadcasting a request for the network address of the remote device. 
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